[Presidential Review Directives]

Assessment of the
Current and Future International Market
Software Products Containing Encryption
["late" 1994]

In late 1994, in fulfillment of Vice President Gore's earlier commitment, the National Security Advisor directed that an interagency study be prepared to assess the current and future international market for software products containing encryption (PRD/NSC-48). The directive was in response to industry claims that U.S. export controls on certain powerful encryption technologies were providing no benefit to national security, and were hampering the software industry's ability to compete in the global marketplace. The Department of Commerce and the National Security Agency jointly prepared the report, which was completed in July, 1995. The Bureau of Export Administration took the lead in assessing domestic and international markets for encryption and the impact of export controls on U.S. industry, while NSA was responsible for identifying and evaluating foreign encryption software products and international laws and controls governing use, export and import of encryption. A declassified version of the final report was made available to the public on 11 January 1996.

The study provides an in-depth evaluation of the international market, reviews the availability of foreign encryption software, and assesses the impact that U.S. export controls for encryption have had on the competitiveness of the software industry. The study found that the US software industry still dominates world markets, but the existence of strong export controls, both in the United States and other major countries, is slowing the growth of the international market.



Thursday, January 11,1996 (202) 482-4883
Eugene Cottilli
(202) 482-2721

Washington, D.C. -- The growth of an international market for encryption software is being slowed by strong export controls, both in the United States and other major countries. Moreover,the quality of products offered abroad varies greatly, with some not providing the level of protection advertised.

The study, jointly prepared by the Commerce Department's Bureau of Export Administration (BXA) and the National Security Agency (NSA), evaluates the current and future market for computer software with encryption, which allows users to protect their data using codes. The study also reviews the availability of foreign encryption software and assesses the impact that U. S. export controls on encryption have on the competitiveness of the software industry.

"Our study provides a clear snapshot of the international competition in this segment that the software industry faces," said Cornmerce Secretary Ron Brown. "Better understanding of the products and the marketplace gives us the tools to ensure that our export control policies are appropriate," he added.

The study noted encryption software presently accounts for only a small percentage of the total computer software but should grow substantially as the U.S. and other countries deveiop and expand public networks and electronic commerce.

The study found that the U.S. software industry still dominates world markets. In those markets not offering strong encryption locally, U.S. software encryption remains the dominant choice. However, the existence of foreign products with labels indicating DES (Data Encryption Standard) or other strong algorithms, even if they are less secure than claimed, can nonetheless have a negative effect on U. S competitiveness. The study also notes that the existence of strong U.S. export controls on encryption may have discouraged U.S software producers from enhancing the security features of general purpose software products to meet the anticipated growth in demand by foreign markets.

All countries that are major producers of commercial encryption products were found to control exports of the products to some extent. A few countries (e.g., France, Russia, and Israel) control imports and domestic use of encryption, as well.

As part of the study, NSA evaluated twenty-eight different foreign encryption software products, finding that some were less secure than advertised. Because customers lack a way to determine actual encryption strength, they sometimes choose foreign products over apparently weaker U.S. ones, giving those foreign products a competitive advantage.


Sources and Methods